fix(webui): shim crypto.randomUUID for non-secure contexts

`crypto.randomUUID` only exists in secure contexts (HTTPS or localhost).
Over LAN HTTP it is undefined, so `ChatPane`'s welcome-message flush and
streaming-message handlers crash mid-render with `TypeError`, unmounting
the React tree and leaving the user a blank page.

Install a Math.random-backed v4-ish fallback at app entry, gated on the
feature being missing. This mirrors the shim already used in the test
setup and covers all six call sites (`ChatPane.tsx`, `useNanobotStream.ts`)
without touching them. These IDs are client-side message keys with no
security role, so non-cryptographic randomness is fine.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

webui/src/main.tsx

@@ -5,6 +5,22 @@ import App from "./App";
 import "./globals.css";
 import "./i18n";
 
+// `crypto.randomUUID` is only defined in secure contexts (HTTPS or localhost).
+// LAN access over plain HTTP leaves it undefined, which crashes components that
+// generate client-side message IDs. Shim a v4-ish fallback so call sites stay
+// uniform across secure and non-secure contexts.
+if (typeof globalThis.crypto !== "undefined" && !("randomUUID" in globalThis.crypto)) {
+  Object.defineProperty(globalThis.crypto, "randomUUID", {
+    value: () =>
+      "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+        const r = (Math.random() * 16) | 0;
+        const v = c === "x" ? r : (r & 0x3) | 0x8;
+        return v.toString(16);
+      }),
+    configurable: true,
+  });
+}
+
 const root = document.getElementById("root");
 if (!root) throw new Error("root element missing");